Privacy Policy

INFORMATION WE COLLECT

We collect personal information that you voluntarily provide to us through our Site, communications, or transactions. This may include your name, business name, contact information, billing and shipping address, and payment details.

Our hosting and analytics providers also gather general, non-personal information automatically when you access the Site. This may include your IP address, browser type, device identifiers, time spent on different pages, domain origin, referring URLs, and other usage data. This information is used for analytical purposes to improve the performance and usability of the Site.

We may also collect personal information if you interact with us via social media, participate in promotions, submit user-generated content, or engage with our customer support.

INFORMATION YOU PROVIDE

Examples of personal information you may provide include:

• Full name
• Email address
• Phone number
• Billing and shipping address
• Payment information
• Username and password
• Purchase history and preferences
• Location data (from mobile devices)
• Social media interactions
• Any other data you submit voluntarily

WHY WE COLLECT THIS INFORMATION

We collect and use your information to:

• Process transactions and manage your subscription
• Provide and improve customer experience and support
• Track orders and preferences
• Administer promotions and offers
• Communicate updates or changes to your account
• Analyze user behavior for product and marketing improvements
• Detect, prevent, and investigate fraud, abuse, or security incidents
• Comply with legal obligations and enforce our Terms of Service

CONSENT TO COLLECTION

By using our Site, completing forms, or making a purchase, you consent to the collection and use of your information as described in this policy.

PATIENT INFORMATION, HIPAA, AND PROTECTED HEALTH INFORMATION

The Social Spa is a marketing platform, not a healthcare provider, clearinghouse, or health plan. We are not a HIPAA “business associate” to you unless we have entered into a separate written Business Associate Agreement.

You agree not to upload, submit, transmit, or disclose protected health information (PHI), patient-identifying information, patient images, patient stories, medical records, or other sensitive personal information through the Site unless you have all required consents, authorizations, and legal authority to do so.

You are solely responsible for obtaining and maintaining valid patient consents, photo releases, testimonial releases, HIPAA authorizations, and any other required approvals before using patient-related content in marketing or submitting it to the Site.

HOW WE STORE YOUR DATA

We take commercially reasonable steps to protect your personal information using secure servers, encrypted transactions, and protected file storage. While we strive to safeguard all data, no system, transmission method, or storage method is entirely immune to unauthorized access, breach, loss, or alteration. We cannot and do not guarantee the absolute security of any information you transmit to or store on the Site. You use the Site at your own risk.

DATA RETENTION

We retain personal information for as long as your account is active, as needed to provide the Site and related services, and as required to comply with our legal obligations, resolve disputes, prevent fraud or abuse, and enforce our agreements.

When personal information is no longer required, we will delete, anonymize, or otherwise dispose of it in a secure manner, subject to any legal, accounting, or reporting obligations.

THIRD-PARTY SERVICE PROVIDERS

We may share your personal information with trusted third-party service providers who help us operate our business, such as:

• Hosting, infrastructure, and database providers
• Authentication and identity providers
• Payment processors and billing platforms
• Email, communications, and customer support providers
• Analytics, advertising attribution, and marketing platforms
• Design, template, and content delivery providers
• Fraud prevention and security providers

These providers are required to handle your data in a manner consistent with this Privacy Policy and applicable law, and are not authorized to use your information for their own independent marketing purposes.

DISCLOSURE OF INFORMATION

We do not sell or rent your personal data. We may disclose your information in the following circumstances:

• If required by law, regulation, subpoena, court order, or other legal process
• To respond to lawful requests from government or regulatory authorities
• To enforce our Terms of Service or protect our rights, property, or operations
• To protect the rights, safety, or property of users or the public
• In connection with a business transfer, such as a merger, sale, or acquisition

YOUR RIGHTS & ACCESS TO INFORMATION

Subject to applicable law, you have the right to access, update, correct, or request deletion of your personal information. To make such a request, please contact us at info@thesocialspa.io. We will respond within a reasonable timeframe and as required by applicable law.

CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights, subject to certain exceptions:

• Right to Know: The right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: The right to request deletion of personal information we have collected from you, subject to legal exceptions.
• Right to Correct: The right to request correction of inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of your personal information. We do not sell your personal information, and we do not share it for cross-context behavioral advertising in a way that requires opt out under California law.
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information in certain circumstances.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, contact us at info@thesocialspa.io. We may need to verify your identity before responding to your request. You may also designate an authorized agent to make a request on your behalf.

EUROPEAN AND UK PRIVACY RIGHTS (GDPR / UK GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR), the UK GDPR, and related laws provide you with the following rights, subject to certain exceptions:

• Right of Access: To request a copy of the personal data we hold about you.
• Right to Rectification: To request correction of inaccurate or incomplete personal data.
• Right to Erasure: To request deletion of personal data in certain circumstances.
• Right to Restrict Processing: To request that we limit how we use your personal data.
• Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: To object to processing of your personal data based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Where we rely on your consent, to withdraw that consent at any time.
• Right to Lodge a Complaint: To lodge a complaint with your local data protection supervisory authority.

Legal bases for processing. We process personal data on one or more of the following legal bases: performance of a contract with you, compliance with legal obligations, your consent (which you may withdraw at any time), and our legitimate interests in operating, securing, and improving the Site, as balanced against your rights and interests.

International transfers. Personal data may be transferred to, stored, and processed in the United States and other countries that may have data protection laws different from those in your jurisdiction. Where required, we use appropriate safeguards for such transfers.

To exercise these rights, contact us at info@thesocialspa.io.

LINKS TO OTHER SITES

The Site may contain links to third-party websites, including social media platforms, design tools, and payment processors. We are not responsible for the content, security, or privacy practices of those websites. We recommend reviewing their privacy policies before submitting any personal data.

USER-GENERATED CONTENT

If you choose to publicly share content (e.g., reviews, social media posts, testimonials), it may be visible to others and reused by The Social Spa. We are not responsible for any personal data you voluntarily disclose in public forums or in content you submit for use on the Site.

AGE OF USERS

The Site is intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under the age of 18, and we do not knowingly collect personal information from children under the age of 13 in violation of the Children’s Online Privacy Protection Act (COPPA). If we discover that we have collected personal information from a person under the applicable age, we will delete it promptly. If you believe we may have collected information from a minor, please contact us at info@thesocialspa.io.

COOKIE POLICY

We use cookies and similar technologies (such as pixels, local storage, and device identifiers) to operate the Site, remember your preferences, authenticate sessions, analyze usage, and measure the effectiveness of our marketing. Some cookies are set by third-party providers we work with, including analytics and advertising platforms. You can manage or disable most cookies in your browser settings; disabling certain cookies may affect the functionality of the Site.

CHANGES TO THIS POLICY

By using the Site, you agree to this Privacy Policy. The Social Spa LLC reserves the right to update or modify this policy at any time. Changes will be posted on this page with the updated effective date. Continued use of the Site after such changes constitutes your acceptance.

CONTACT US

If you have any questions or concerns regarding this Privacy Policy, or to exercise any of your privacy rights, please contact us at:

Email: info@thesocialspa.io

Address: 3900 S Wadsworth Blvd Ste 200, Lakewood, CO 80235